...and you like it

I’ll come out of the closet and admit that I
used to play this game with an almost fanatic interest. My first
exposure to the game was in Spain when several other military brats in
my apartment complex introduced me to a twenty sided die (1d20). By the
time I moved to Guam, I was hooked. I started a group there with an
unlikely band of friends: a Hawaiian volleyball player, half-thai
skateboarder dude, heavy metal rocker, etc… and we were destroyers of
worlds.

For many of these guys, the game was new to them and they didn’t realize
that in many circles there was a stigma attached to those who played it.
I would cringe when hanging out with my other friends and these guys
would say, “Yeah, we’re going to play Dungeons and Dragons tonight”.
This was an unecessary side effect of youthful insecurity. I haven’t
played in years as I’ve found that as people work full time and have
families, it’s difficult to make the time. Even more difficult is to
have several people have the time at the same time. It’s a feat of
synchronization. Perhaps when I retire.

Mark Frauenfelder: Peter Bebergal has a wonderful op-ed in today’s
Boston Globe about the imagination-boosting power of Dungeons and
Dragons

To put it simply, Dungeons and Dragons reinvented the use of the
imagination as a kid’s best toy. The cliche of parents waxing
nostalgic for their wooden toys and things “they had to make
themselves” has now become my own. Looking around at my toddler’s
room full of trucks, trains, and Transformers, I want to cry out, “I
created worlds with nothing more than a twenty-sided die!”
Dungeons and Dragons was a not a way out of the mainstream, as some
parents feared and other kids suspected, but a way back into the
realm of story-telling. This was what my friends and I were doing:
creating narratives to make sense of feeling socially marginal. We
were writing stories, grand in scope, with heroes, villains, and the
entire zoology of mythical creatures.

An example he presents is when the thread is waiting on a
synchronization primitive. The solution given is to call
Thread.Interrupt.

This is a handy technique when you have a reference to the thread you
wish to cancel, but this is not often the case when dealing with
asynchronous method calls such as spawned by calling BeginInvoke. You
won’t have a reference to the thread that an asynchronous method call is
operating on.

So what is the would be thread terminator to do? Rather than go back in
time and stop the thread from being spawned in the first place (my
apologies for the poor cinema reference), avoid having indefinite waits
on synchronization primitives in the first place. With a
ManualResetEvent for example, you can specify a timeout for the
WaitOne method. I recommend that you do so.

Ian
Griffiths
(one of my favorite tech bloggers) wrote this fine
piece
on why Thread.Abort is a representation of all that is evil and
threatens the American (and British) way of life.

The problem with Thread.Abort is that it can interrupt the progress
of the target thread at any point. It does so by raising an
’asynchronous’ exception, an exception that could emerge at more or
less any point in your program. (This has nothing to do with the .NET
async pattern by the way - that’s about doing work without hogging the
thread that started the work.)

I’ve taken this to heart in the design of my Socket server class (which
I will release to the public some day) and in any situation where I have
a service running that spawns asynchronous operations. Ian’s appoach to
cancelling an asynchronous operation is the similar to mine:

The approach I always recommend is dead simple. Have a volatile bool
field that is visible both to your worker thread and your UI thread.
If the user clicks cancel, set this flag. Meanwhile, on your worker
thread, test the flag from time to time. If you see it get set, stop
what you’re doing.

One difference is that I chose not to use a
volatile
bool field. My reasoning was that if my asynchronous operation only
reads the value (and never writes it) and just happened to be reading it
while my main thread was changing it to false (in response to a user
cancellation effort), I’m not so concerned that asynchronous operation
might read true even though it’s being set to false. Why not? Well it’ll
stay false by the time I check it again and the chance of that small
synchronization flaw is very minute and has a low cost even if it does
occur.

The question is, am I missing something more important by not using a
volatile field in this instance?

So now that I have a second Windows box (and third computer in the
house), I’m soliciting recommendations for good synchronization
software. Ideally I’d like something where I could configure which
directories and files get synchronized and it happens seamlessly any
time the Tablet connects to the home network.

Using NDoc I’ve generated an update
version of the CHM code documentation for RSS
Bandit. As
you’ll see (if you take a look) this documentation is by no means
complete. Many of the public methods need better documentation. Also,
there are no Namespace summaries yet. I plan to spend some time adding
these summaries and some higher level API documentation.

This documentation is intended for interested developers and is meant to
supplement the existing documentation at the RSS Bandit documentation
website.

Included in the documentation are three main components: RSSBandit.exe,
NewsComponents.dll, and RSSBandit.UnitTests.dll.

RSSBandit.exe is the main application code. The documentation here
covers all the Forms in use etc.

NewsComponents.dll contains all the classes used to fetch and parse
RSS feeds as well as NNTP. Much of core logic is contained in this
assembly.

RssBandit.UnitTest.dll I included the documentation of this assembly
so that you can read what unit tests we currently have (and thus infer
the many we are missing). The great thing about unit tests is that many
of them are demonstrations of how to use the API (when correctly written
which I can’t yet vouch for my own) ;)

Wohoo! And it is a thing of
beauty. Unfortunately I’ve been crazy busy lately so I don’t have any
pictures so you’ll have to settle for this stock photo.

Acquiring a new computer is a laborious affair. Step one is to download
and install Windows SP2 and all other critical updates etc… Second is
to install RSS Bandit Then its the process
of installing all the rest of the software, tools, and tweaks I’ve grown
reliant on.

I’d like to backup all my photos and music on there, but that wouldn’t
leave me much room for anything else. I’ll have to carefully cull a
selection of music worthy to carry around.

Anybody have software recommendations for the Tablet PC? In what ways
do you use it differently than you do a laptop in your day to day
operations?

When the
Olympics occurred, one of my favorite DJs spun for the opening
ceremonies. Unfortunately I missed it, but I had heard good buzz about
his performance. Now he’s come out with a CD called “Parade of the
Athletes”.
I have a feeling that if you liked the music he played for the Olympics,
you’ll like this cd.

…Thus if a hacker steals the hashed password from your database, he
will be able to write an application that gives the hash to WSE and he
will authenticate successfully - which is exactly what we are trying
to avoid by storing the hashed passwords in the first place. \
\
…\
\
The bottom line: this approach won’t really solve the real problem -
if I steal the hash from the database, I will be able to uthenticate
successfully. I’d love this to work the way you describe but as a
security-conscious developer I’m still losing sleep.

Although this is a true scenario, the author makes an assumption that is
false. The purpose of storing a hashed password is NOT to stop a hacker
who obtains the hash from being able to authenticate as that user.

Think of it this way, if I’m a hacker and I am able to compromise your
user database and obtain a user’s hashed password, why would I ever try
to authenticate as that user? Since I already have my grubby hands in
the cookie jar, I might as well grab all the data directly from your
compromised database.

Rather, the purpose of hashing a password with a salt value is to
provide security to the user of the system that rogue employees of the
company and hackers who compromise the database cannot use my password
to log into other sites I frequent.

Ideally your database isn’t compromised very often, otherwise you have
bigger problems than whether or not passwords are hashed.

That’s why a security minded developer doesn’t stop at hashing
passwords. Code security is never enough and is only a small part of the
equation. The IT staff have to make sure the database itself is secure
and not likely to be compromised. Staff with access to the system must
be trained to deal with social engineering attacks. What good is a
hashed password if I can call up tech support and get any information I
need by posing as an executive?

So to the author of this email, I suggest you don’t lose sleep over the
hashed password scenario. As a security conscious developer, you have a
huge number of other attack scenarios to lose sleep over. ;-)

I picked up Twiggy from the vet after work and she’s been such a
trooper. Check out the sassy hot pink cast that’s bigger than she is.

\
I’m ready to whack some fools with this thing.

We took her for a really short walk so she could do her thing outside
and she looked so sad limping along like a tiny little gimp. However,
when I tried to take a video of her walking, she decided to show some
pride(avi 1.07 MB).

Twiggy was at a newly opened small
dog park when a group of other small dogs suddenly ganged up on her. Of
course they couldn’t catch her because she’s a speed demon, but she must
have caught her foot in a grate on the ground (extremely bad idea for a
small dog park to have a grate on the ground) and broke her leg just
above her ankle.

She’s at the vet now and is doing fine. If you have a pet that you care
for, I recommend getting pet insurance. I hear it’s not too expensive
and could save you a pretty dime in a situation like this. We were
planning to purchase it but just hadn’t gotten around to it. Now we have
a significant vet bill to pay.

One of the holy grails for unit testing is to get 100% code coverage
from your tests. However, you can’t sit back and smoke a cigar when you
reach that point and assume your code is invulnerable. Code coverage
just is not enough.

One obvious reason is that Code Coverage cannot help you find errors of
omission. That is, even if you had 100% code coverage from your tests,
if you forget to implement a feature (and a test for that feature), then
you’re shit out of luck.

However, apart from errors of omission, there’s the case presented here.
Imagine you have the following simple class (I’m sure your real world
class is much more complicated and interesting, but bear with me).

usingSystem;usingSystem.Collections;publicclassMyClass{Dictionary&lt;string,int&gt;_values=newDictionary&lt;string,int&gt;();publicMyClass(){_values.Add("keyOne","1");_values.Add("keyTwo","7");_values.Add("keyThree","10");// ...}publicintSumIt(string[]keys){inttotal=0;foreach(stringkeyinkeys){total+=_values[key];_values[key]=total;//Maybe we do some other//interesting things here.}returntotal;}}

Voila! 100% code coverage. But does this satisfy the little QA tester
inside? I would hope not and suggest that it shouldn’t. Code coverage is
worthy goal, but often unnattainable in large systems (hence the need
for prioritization) and doesn’t provide all the benefits it would seem.

To handle situations like this, unit tests need to go beyond
concentrating on code coverage and also consider data coverage. Of
course, that’s not always practical. In the above example, if I only
have 10 keys, testing the possible permutations of SumIt becomes a huge
burden. Often the best you can do is to test a small sample and the
boundary cases.

Colin shows how to configure
CopySourceAsHtml
for any source file that VS.NET provides syntax highlighting. In my
case, I’ve mapped the shortcut CTRL+C CTRL+S to the Copy command and
CTRL+C CTRL+N to CopyNow command.

As this utility catches on, I think you’ll see a huge proportion of .NET
bloggers using it to post source code snippets on their blogs. It now
uses VS.NET’s own syntax highlighting to highlight the code. Thus
whatever settings you have in VS.NET are used by the add-in. It’s also
much more configurable with word-wrapping, ability to add extra styling
options, etc… Here’s a couple of snippets as a demonstration.

According to the example’s on Colin’s site, it even works with aspx and
css files. Unfortunately, that’s not working for me right now as I don’t
see the context menu on those pages.

There is now a plug-in to use BlogJet to blog items from RSS Bandit. I
haven’t tested it yet, but if the plug-in doesn’t do anything specific
to RSS Bandit, it should be usable by any aggregator that supports the
IBlogExtension
interface.
Want to write your own plug-in? Read my guide
here.

Finally, I did it – a plugin to integrate RSS
Bandit and BlogJet. If
you’re using RSS Bandit to read feeds and BlogJet to post to your
blog, this plugin is a must-have. It adds a new item to Bandit’s
right-click menu – “BlogJet This!”. Click it and it will lanch BlogJet
with the content of selected item.

When building an installer for a Windows Service in VS.NET 2003,
conspicuously missing is the ability to specify a description for the
service that is displayed in the Services applet.

I’ve written a base installer class that inherits from
System.Configuration.Install.Installer for this purpose, but I’ll just
present to you the source listings for the methods to add and remove a
service description.